Stupid Java
-
Our firewall runs Kaspersky and should have caught it. Symantec should have caught it. Neither did. We're trying to figure out the guilty web site. My worry is that one of our customer's sites was hijacked with a zero day attack. Yes, the problem is the JRE, not Java per se. I had an official Sun JRE on there that was used to maintain a proxy server we've since taken out of service and I just left the JRE there thinking it wouldn't be a problem and I might need it. (Surround SCM ships with the GUIFFY compare utility, which uses Java. Turns out it's a horrible program and I've since switch to Beyond Compare.)
Traditional signature based virus scanners are at a real disadvantage these days. The good exploit writers use virus generation applications that replace the binaries every few hours to stay ahead of the signatures. By the time the scanner can detect the binary, they are probably already onto the next binary.
I can imagine the sinking feeling one would have after ordering my book, only to find a laughably ridiculous theory with demented logic once the book arrives - Mark McCutcheon
-
You beat me to it. That news item was a little wishy-washy though: on one hand it says "Java is a security threat and you can easily live without it" but on the other it says some apps that may be mission critical (VMWare?) require java, so you may as well install Java just in case. I'd much rather the article just say "Die, Java, Die" so we could have a good, proper religious war about it all.
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
VMWare does *not* require Java. Open Office does though which is the only "big" app I can think of that does that even remotely is on my radar.
Yesterday they said today was tomorrow but today they know better. - Poul Anderson
Not having used VMWare lately I was merely quoting the article: "In batting the idea around, Alex Williams, our enterprise editor, noted that a large number of enterprise solutions still rely on Java. Vmware, for example, is introducing platforms[^] to work with both Salesforce and Google that depend on Java to operate"
cheers, Chris Maunder The Code Project | Co-founder Microsoft C++ MVP
-
Yep, I make sure to keep JRE out of my home machine. The same rule generally applied to .NET runtime before it started coming with Windows (maybe it is possible to remove it even now, but I am too lazy to check :) )
-
So why did you have Java on your systems in the first place? Personally I am happy to have it installed and have had fewer problems (i.e. none) than I have with any Microsoft product.
It's time for a new signature.
I guess it is all right if you have one (or only a few) Java environment and keep it up-to-date; there has been a period every web site using Java required another version, and keeping all of them up-to-date and hence safe, was quite a job. I see no compelling reason for JRE to be more unsafe than any other framework, including the .NET collection. :)
Luc Pattyn [Forum Guidelines] [Why QA sucks] [My Articles] Nil Volentibus Arduum
Please use < PRE > tags for code snippets, it preserves indentation, and improves readability.
-
VMWare does *not* require Java. Open Office does though which is the only "big" app I can think of that does that even remotely is on my radar.
Yesterday they said today was tomorrow but today they know better. - Poul Anderson
I'm using OOo, and I have disabled Java. It might mean that Java isn't crucial for it to function. As far as I remember, Java is used for some features only. But, unfortunately, I still need Java. Can't run Eclipse without it. And Eclipse/PyDev is still the best option for Python, AFAIK.
We are using Linux daily to UP our productivity - so UP yours!
-
So why did you have Java on your systems in the first place? Personally I am happy to have it installed and have had fewer problems (i.e. none) than I have with any Microsoft product.
It's time for a new signature.
Richard MacCutchan wrote:
So why did you have Java on your systems in the first place?
Came with some software I evaluated (OpenOffice, Scratch). The reason I don't want JRE on my home system is really that I don't want any software written with Java running. No JRE - no Java apps, as simple as that :)
-
Came in this morning and a Fake Anti-Virus Trojan was running on my computer. I had the IT guy come and see what was up while I went to a meeting. Unfortunately, stupid Symantec didn't catch it until it had already run (did catch it later--thanks alot.) While making sure everything was clean, I ran across the Java Installer logs. Sure enough, that's how the damn thing got in. This is the second time I've seen a trojan/virus come into a system through Java and a coworker said he recenty had the same thing happen. So I removed Java from my system and will never use it again. (Several companies write their damn utilities in Java. Those features and/or products are no longer welcome on any system I use.)
Joe Woodbury wrote:
So I removed Java from my system and will never use it again. (Several companies write their damn utilities in Java. Those features and/or products are no longer welcome on any system I use.)
I write applications for my phone in Java ;P Luckily, the JRE does not seem to have any update feature, so I think (hope) my phone is pretty safe from any viruses that spread by it. I also have only installed Java applications that I have source code for, so that I can check it and make sure it's not up to anything dodgy :laugh:
Programming is 10% science, 20% ingenuity, and 70% getting the ingenuity to work with the science. WYSIWYMGIYRRLAAGW: What You See Is What You Might Get If You’re Really Really Lucky And All Goes Well.
-
But, assuming a properly configured firewall, the download of the trojan must be initiated from your computer. The only way I can see that working is from a dodgy web page that installs a rogue applet, that either is the actual trojan, or downloads it. If that's the case, the problem isn't so much with Java per se, but the Java runtime, which will be written in a proper language. You could always consider switching to a different JRE. I'm with you, though, mainly. I have yet to see a Java program that runs as fast, looks as nice or is as feature-rich as a native platform application. I can see the benefit of using it if you have *lots* of platforms that your code needs to run on (Oracle tools come to mind, for example).
Electron Shepherd wrote:
I have yet to see a Java program that runs as fast, looks as nice or is as feature-rich as a native platform application.
Eclipse ? I agree that it is not extremly fast but when you compare it with Visual studio, it is more or less equivalent.
Cédric Moonen Software developer
Charting control [v3.0] OpenGL game tutorial in C++ -
Richard MacCutchan wrote:
So why did you have Java on your systems in the first place?
Came with some software I evaluated (OpenOffice, Scratch). The reason I don't want JRE on my home system is really that I don't want any software written with Java running. No JRE - no Java apps, as simple as that :)
Nemanja Trifunovic wrote:
The reason I don't want JRE on my home system is really that I don't want any software written with Java running. No JRE - no Java apps, as simple as that
For which specific reason ? Just because you don't like Java ? Or is there a concrete reason for that ?
Cédric Moonen Software developer
Charting control [v3.0] OpenGL game tutorial in C++ -
Electron Shepherd wrote:
I have yet to see a Java program that runs as fast, looks as nice or is as feature-rich as a native platform application.
Eclipse ? I agree that it is not extremly fast but when you compare it with Visual studio, it is more or less equivalent.
Cédric Moonen Software developer
Charting control [v3.0] OpenGL game tutorial in C++Cedric Moonen wrote:
when you compare it with Visual studio, it is more or less equivalent.
No, it's not. VS is much much ahead. :cool:
Procrastination and Improvisation are my two swords to fight life.
-
Cedric Moonen wrote:
when you compare it with Visual studio, it is more or less equivalent.
No, it's not. VS is much much ahead. :cool:
Procrastination and Improvisation are my two swords to fight life.
Seconded. One of these days I'll build a PHP project environment for VS Shell. :cool::cool:
-
Cedric Moonen wrote:
when you compare it with Visual studio, it is more or less equivalent.
No, it's not. VS is much much ahead. :cool:
Procrastination and Improvisation are my two swords to fight life.
Did you use Eclipse already ? I use both Visual Studio (for C++ development) and Eclipse for Java development. In that scenario Eclipse is far more advanced than Visual Studio (all the extremly powerful refactoring operations are not available in VS). Of course this is also due to language limitation but still, the gap is huge. The also really like the perspectives and plug-in mechanism in Eclipse.
Cédric Moonen Software developer
Charting control [v3.0] OpenGL game tutorial in C++ -
Seconded. One of these days I'll build a PHP project environment for VS Shell. :cool::cool:
-
But the price is not right ;)
-
But the price is not right ;)
Did you buy the original Visual Studio :laugh: ? There are many ways to get what you want.
Procrastination and Improvisation are my two swords to fight life.
-
Did you buy the original Visual Studio :laugh: ? There are many ways to get what you want.
Procrastination and Improvisation are my two swords to fight life.
Nope, I got every edition of VS for free, at about the Professional level. Thanks MS and your awesome Dreamspark! (I also got Expression Studio for free too!)
-
It ended up in <username>\Application Settings\<Random Directory Name> The executable ended in tssd.exe. It may have been installed through an executable called PdfUpd.exe, though that's not clear. We actually found it by using Glary utilities to see what programs were starting.
Joe Woodbury wrote:
We actually found it by using Glary utilities to see what programs were starting.
You trust Glary Utilities? I thought GU was going to be something awesome, but it seemed to behave like a trojan itself.
-
But, assuming a properly configured firewall, the download of the trojan must be initiated from your computer. The only way I can see that working is from a dodgy web page that installs a rogue applet, that either is the actual trojan, or downloads it. If that's the case, the problem isn't so much with Java per se, but the Java runtime, which will be written in a proper language. You could always consider switching to a different JRE. I'm with you, though, mainly. I have yet to see a Java program that runs as fast, looks as nice or is as feature-rich as a native platform application. I can see the benefit of using it if you have *lots* of platforms that your code needs to run on (Oracle tools come to mind, for example).
<blockquote class="FQ"><div class="FQA">Electron Shepherd wrote:</div>I have yet to see a Java program that runs as fast, looks as nice or is as feature-rich as a native platform application.</blockquote> I've written such applications, thank you very much! Once you learn how to use Swing, you can build Java GUI applications every bit as feature rich, and not noticably slower than a native Windows app. You can have every single window intelligently resizeable. There are a lot of bad applications written in every language, for every platform, and there are also good ones, just as there are bad programmers and good ones.
-
Nemanja Trifunovic wrote:
The reason I don't want JRE on my home system is really that I don't want any software written with Java running. No JRE - no Java apps, as simple as that
For which specific reason ? Just because you don't like Java ? Or is there a concrete reason for that ?
Cédric Moonen Software developer
Charting control [v3.0] OpenGL game tutorial in C++Cedric Moonen wrote:
For which specific reason ?
Every single Java software I ever tried is a memory hog. That may be OK for specialized servers, but not a home machine where I run multiple applications and want to switch between them quickly.